What Are API Keys?
An Application Programming Interface (API) is used to automatically interact with Creodocs without having to navigate through the website. APIs are primarily used by software developers to integrate a desired functionality from one service, such as creating receipt documents, into a different service or product, such as an online store.
Presently, Creodocs only allows the creation of single documents via its API. If you would like to make use of this functionality, you will need to create an API key. Your API key acts as a token to identify you and authorise your requests. When you request for a document to be created through the API, you must include your key to prove that you have access to the template.
Creating a Key
You can create an API key from the Create API Key Account Settings page. You will need to specify a name for your key, which could identify how the key will be used or who will use it. Every key must also have an expiry time, specified as a number of weeks. This is a security precaution as keys allow unlimited access to your private templates and credits if they are made public. Regularly rotating keys limits the potential for their abuse and an expiry time is a good way to force this to happen regularly. If you understand the risks and would prefer no expiry, you can enter a maximum term of 520 weeks, equivalent to 10 years.
Once you create a key, it will be displayed to you in plain text just once and you should immediately copy it to a secure location. Creodocs does not store keys in plain text so there is no way to retrieve a key that you have misplaced; you will need to generate a new one.
Viewing and Deleting Current Keys
The Active Keys Account Settings page shows you a table of your current active API keys, identified by their names. Along with the time each key was created and when it will expire, you can delete keys and this will immediately invalidate all API requests that attempt to use them. If you suspect any of your keys have been compromised by a third party, it is highly recommended to delete them and create new ones immediately.
You can find a list of expired keys on the Expired Keys Account Settings page. This can be used to identify when a key was created or expired, or past products/people that had access to the API through your account.